827 share verify and reapply fix

[noah-paige]

Feature or Bugfix

• Feature

Detail

• Add Ability to Verify Health Status of Share Requests
• Add Ability to Re-apply share request processing if in an unhealthy state

Relates

• Add ability to re-apply KMS and bucket policy changes #827

Security

Please answer the questions below briefly where applicable, or write N/A. Based on
OWASP 10.

• Does this PR introduce or modify any input fields or queries - this includes
  fetching data from storage outside the application (e.g. a database, an S3 bucket)?
  • Is the input sanitized?
  • What precautions are you taking before deserializing the data you consume?
  • Is injection prevented by parametrizing queries?
  • Have you ensured no eval or similar functions are used?
• Does this PR introduce any functionality or component that requires authorization?
  • How have you ensured it respects the existing AuthN/AuthZ mechanisms?
  • Are you logging failed auth attempts?
• Are you using or adding any cryptographic features?
  • Do you use a standard proven implementations?
  • Are the used keys controlled by the customer? Where are they stored?
• Are you introducing any new policies/roles/users?
  • Have you used the least-privilege principle? How?

Pending TODO

• ECS Scheduled Task to Verify Shares
• Write Unit Tests
• Add Verify On Dataset Level for All Shared Items in Associated Share Objects

Things to Consider

• ECS Scheduled Task to be Weekly (default)

  • Open to discussion on if weekly is the best default schedule or if a different time range is better
  • Alternatively, can introducer a custom scheduler parameter in config.json

• Currently shareitem health columns (healthStatus, healthMessage, lastVerifiedTimestamp) are a part of the same share_object_item table - makes it very easy to get the latest health of each share item

  • Take a look at the comment on Issue 827 for more information about the lifecycle of these health columns / how they are updated
  • Alternatively, could create a new share_object_item_health table that tracks every verify attempt and a column in share_object_item to point to the primary key of the record in share_object_item_health with the latest health information (updated for each verification run) - would persist each verification run for auditability / traceability

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[petrkalos]

There are a lot of formatting changes making it a bit hard to track what changed (#1076 )

[petrkalos]

nit: Why switching those to double-quotes? I noticed that in other files you used single-quotes for strings.
Also generally speaking and especially in large PRs (like this) I'd refrain including unrelated changes in the same PR (i.e reformatting)

[noah-paige]

Ran black formatter on this file to quickly fix the linting errors I was receiving from code changes I introduced - ended up re-formatting a lot of the file

To standardize formatting in the backend post this PR - for now I will leave the changes as such if okay with you

[dlpzx]

Mostly minor things except for the default value of Healthy that I think it might be a tiny bug. I also reviewed the test cases, they look great. One curiosity, have you tested more than one error at the same time? From the code I think it will work fine

[noah-paige]

Mostly minor things except for the default value of Healthy that I think it might be a tiny bug. I also reviewed the test cases, they look great. One curiosity, have you tested more than one error at the same time? From the code I think it will work fine

Yup have tested multiple at the same time as well! No errors seen so far with that either

[dlpzx]

lgtm, approving